Setting Up Clients in Kiosk Mode

<

You can set up unattended clients that can obtain access to their desktops from View.

A client in kiosk mode is a thin client or a lock-down PC that runs Horizon Client to connect to a View Connection Server instance and launch a remote session. End users do not typically need to log in to access the client device, although the remote desktop might require them to provide authentication information for some applications. Sample applications include medical data entry workstations, airline check-in stations, customer self-service points, and information terminals for public access.

You should ensure that the desktop application implements authentication mechanisms for secure transactions, that the physical network is secure against tampering and snooping, and that all devices connected to the network are trusted.

Clients in kiosk mode support the standard features for remote access such as automatic redirection of USB devices to the remote session and location-based printing.

View uses the Flexible Authentication feature in View 4.5 and later to authenticate a client device in kiosk mode rather than the end user. You can configure a View Connection Server instance to authenticate clients that identify themselves by their MAC address or by a user name that starts with the characters "custom-" or with an alternate prefix string that you have defined in ADAM. If you configure a client to have an automatically generated password, you can run Horizon Client on the device without specifying a password. If you configure an explicit password, you must specify this password to Horizon Client. As you would usually run Horizon Client from a script, and the password would appear in clear text, you should take precautions to make the script unreadable by unprivileged users.

Only View Connection Server instances that you enable to authenticate clients in kiosk mode can accept connections from accounts that start with the characters "cm-" followed by a MAC address, or that start with the characters "custom-" or an alternate string that you have defined. Horizon Client in View 4.5 and later does not allow the manual entry of user names that take these forms.

As a best practice, use dedicated View Connection Server instances to handle clients in kiosk mode, and to create dedicated organizational units and groups in Active Directory for the accounts of these clients. This practice not only partitions these systems against unwarranted intrusion, but also makes it easier to configure and administer the clients.